
In this post I'll outline the steps required to set up a lab to play with network automation. Although it's pretty straightforward, I've had some headaches, so I thought I'd leave a note for future reference, and maybe it will help you, too.

Prerequisites:

  1. VMware ESXi host
  2. Virtual machine running Ubuntu 18.04 LTS
  3. Virtual machine running EVE-NG

Within EVE-NG I'm using CSR1000v 16.04.01, Junos 17.2 and XRv 5.3.0. This is what my lab topology looks like:

Reference lab diagram

Each router is connected to the external world (our Ubuntu VM) through a dedicated OOB interface and an L2 switch. EVE-NG lets us do this using cloud objects.

By default, when you log in to the EVE-NG VM, you will see a number of network interfaces. The ethX interfaces represent VM network adapters. The pnetX interfaces are our cloud objects. The screenshot below illustrates the relationship between the interfaces:

  • pnet0 is bridged with eth0
  • pnet1 is bridged with eth1

EVE-NG network interfaces

In my lab, I want to connect my OOB L2 domain straight to the Ubuntu VM. For this purpose I’m using the eth1 interface mapped to the pnet1 interface, which translates to the cloud1 object within EVE-NG.

EVE-NG cloud

I’m using 10.1.1.0/24 on this subnet with the following addressing rules:

10.1.1.254 – Ubuntu VM

10.1.1.routerX – OOB IP address of router X

Make sure to configure your vSwitch so that eth1 is on a common VLAN with the Ubuntu VM interface.

At this point, we should have connectivity between the Ubuntu VM and our virtual routers.

Let’s try to reach CSR15:

[email protected]:~$ ping 10.1.1.15
PING 10.1.1.15 (10.1.1.15) 56(84) bytes of data.
64 bytes from 10.1.1.15: icmp_seq=1 ttl=255 time=219 ms
64 bytes from 10.1.1.15: icmp_seq=2 ttl=255 time=420 ms
64 bytes from 10.1.1.15: icmp_seq=3 ttl=255 time=492 ms
64 bytes from 10.1.1.15: icmp_seq=4 ttl=255 time=6.02 ms

We will use SSH to connect to the routers, so we need to generate RSA keys and enable the SSH server.

IOS XE

R14(config)#ip domain-name lab.net
R14(config)#exit

R14#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

R14(config)#crypto key generate rsa general-keys modulus 2048
The name for the keys will be: R14.lab.net

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)

*Jul 19 12:46:13.916: %SSH-5-ENABLED: SSH 1.99 has been enabled

R14(config)#ip ssh version 2
R14(config)#username cisco privilege 15 password cisco
R14(config)#line vty 0 15
R14(config-line)#login local
R14(config-line)#exit

IOS XR

RP/0/0/CPU0:XRv8#crypto key generate rsa general-keys
Thu Jul 19 12:48:37.677 UTC
The name for the keys will be: the_default
  Choose the size of the key modulus in the range of 512 to 4096 for your General Purpose Keypair. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [1024]: 2048
Generating RSA keys ...
Done w/ crypto generate keypair
[OK]

RP/0/0/CPU0:XRv8#conf t
Thu Jul 19 12:48:45.426 UTC
RP/0/0/CPU0:XRv8(config)#ssh server v2
RP/0/0/CPU0:XRv8(config)#commit

Since we will refer to the routers by hostnames, let’s define the mappings in the /etc/hosts file.

[email protected]:~$ cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       marcin-vm-lab-2

10.1.1.15       csr15
10.1.1.7        xrv7
10.1.1.14       csr14
10.1.1.8        xrv8

Now, we should be able to ssh to the routers:

[email protected]:~$ ssh [email protected]
The authenticity of host 'csr14 (10.1.1.14)' can't be established.
RSA key fingerprint is SHA256:6vd6fia+4DFKYWuldCAgNqEXKPjvyA9kpQH+zYX8at4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'csr14,10.1.1.14' (RSA) to the list of known hosts.
Password:

R14#

IOS XE works fine. Let’s try IOS XR.

[email protected]:~$ ssh [email protected]

Unable to negotiate with 10.1.1.8 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

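Oops… This tells us that key exchange negotiation has failed: the router offers only diffie-hellman-group1-sha1, which our SSH client does not accept by default. I have not investigated this very thoroughly, but applied a quick fix instead.

We create a ~/.ssh/config file with the following contents: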

[email protected]:~$ cat ~/.ssh/config
# XRv fix
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
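
Options placed before any Host line in ~/.ssh/config apply to every connection the client makes, so the file above re-enables the legacy key exchange and cipher for all hosts, not only the XRv routers. The following added example (not part of the original post) parses ssh_config text and reports where legacy algorithms are enabled and for which hosts; the function names, the LEGACY set and the scoped variant using the xrv7/xrv8 names from /etc/hosts are assumptions of this example.

```python
import re

# Treated as legacy for this example: the two algorithms the page re-enables,
# plus the other CBC-mode ciphers.
LEGACY = {"diffie-hellman-group1-sha1", "aes128-cbc", "aes192-cbc",
          "aes256-cbc", "3des-cbc"}

# Constructed inputs: the file from this post, and a scoped variant.
PAGE_CONFIG = """# XRv fix
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
"""
SCOPED_CONFIG = """# XRv fix, limited to the lab routers that need it
Host xrv7 xrv8
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers +aes128-cbc
"""

def legacy_algorithm_scopes(config_text):
    """Return (line, keyword, algorithm, scope) for each legacy algorithm enabled.
    scope is "*" when the option applies to every host ssh connects to."""
    scope, findings = "*", []      # options before the first Host line are global
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if keyword.lower() == "host":
            patterns = value.split()
            scope = "*" if "*" in patterns else " ".join(patterns)
        elif keyword.lower() == "match":
            scope = "*" if value.lower() == "all" else "match " + value
        elif keyword.lower() in ("kexalgorithms", "ciphers"):
            if value.startswith("-"):
                continue           # "-" removes algorithms from the default set
            for algo in value.lstrip("+^").split(","):
                if algo.strip() in LEGACY:
                    findings.append((lineno, keyword, algo.strip(), scope))
    return findings

def global_findings(config_text):
    """Legacy algorithms that are enabled for all hosts, not just the lab routers."""
    return [f for f in legacy_algorithm_scopes(config_text) if f[3] == "*"]

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("scoped", SCOPED_CONFIG)):
        print(name, "global:", global_findings(text))
        print(name, "all:   ", legacy_algorithm_scopes(text))
```

Host patterns are matched against the name given on the ssh command line, so a block scoped to xrv7 and xrv8 takes effect when connecting by those names; connecting by IP address would need the addresses listed as patterns too.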

Let's try again:

[email protected]:~$ ssh [email protected]



IMPORTANT:  READ CAREFULLY
Welcome to the Demo Version of Cisco IOS XRv (the "Software").
The Software is subject to and governed by the terms and conditions
of the End User License Agreement and the Supplemental End User
License Agreement accompanying the product, made available at the
time of your order, or posted on the Cisco website at
www.cisco.com/go/terms (collectively, the "Agreement").
As set forth more fully in the Agreement, use of the Software is
strictly limited to internal use in a non-production environment
solely for demonstration and evaluation purposes.  Downloading,
installing, or using the Software constitutes acceptance of the
Agreement, and you are binding yourself and the business entity
that you represent to the Agreement.  If you do not agree to all
of the terms of the Agreement, then Cisco is unwilling to license
the Software to you and (a) you may not download, install or use the
Software, and (b) you may return the Software as more fully set forth
in the Agreement.


Please login with any configured user/password, or cisco/cisco


[email protected]'s password:


RP/0/0/CPU0:XRv8#

Success! Now we are ready to proceed with Ansible.

sudo apt-get upgrade

sudo apt-get install ansible

This installs Ansible for us. We’re ready to try out our first playbook. Our inventory file will hold our router names, the groups they belong to and the credentials.

[email protected]:~/ansible$ cat inventory
[csr1000v]
csr15

[xrv]
xrv7

[xrv:vars]
username=cisco
password=cisco

[csr1000v:vars]
username=cisco
password=cisco

And here are the contents of our playbook:

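---
# The play name is quoted: unquoted, " #1 - ..." is parsed as a YAML comment
# and the play ends up named just "Play".
- name: "Play #1 - execute show version across platforms"
  hosts: all
  gather_facts: no
  connection: local
  vars:
    # username/password come from the per-group vars in the inventory file
    creds:
      username: "{{ username }}"
      password: "{{ password }}"
  tasks:
    # Runs only on hosts in the csr1000v group
    - name: "IOS XE - Execute show version"
      ios_command:
        commands: "show version"
        provider: "{{ creds }}"
      register: xe_results
      when: "'csr1000v' in group_names"
    # Runs on every host; stdout_lines is undefined where the task above was skipped
    - debug: var=xe_results.stdout_lines

    # Runs only on hosts in the xrv group
    - name: "IOS XR - Execute show version"
      iosxr_command:
        commands: "show version"
        provider: "{{ creds }}"
      register: xr_results
      when: "'xrv' in group_names"
    # Runs on every host; stdout_lines is undefined where the task above was skipped
    - debug: var=xr_results.stdout_lines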

If everything went well, we should be able to execute our playbook.

[email protected]:~/ansible$ ansible-playbook -i inventory playbooks/p1-show-version.yml

PLAY [Play] ***************************************************************************************************************************************************************

TASK [** IOS XE ** Execute show version] **********************************************************************************************************************************
skipping: [xrv7]
ok: [csr15]

TASK [debug] **************************************************************************************************************************************************************
ok: [csr15] => {
    "xe_results.stdout_lines": [
        [
            "Cisco IOS XE Software, Version 16.04.01",
            "Cisco IOS Software [Everest], CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.4.1, RELEASE SOFTWARE (fc2)",
            "Technical Support: http://www.********.com/techsupport",
            "Copyright (c) 1986-2016 by Cisco Systems, Inc.",
            "Compiled Sun 27-Nov-16 13:02 by mcpre",
            "",
            "",
            "Cisco IOS-XE software, Copyright (c) 2005-2016 by ******** Systems, Inc.",
            "All rights reserved.  Certain components of Cisco IOS-XE software are",
            "licensed under the GNU General Public License (\"GPL\") Version 2.0.  The",
            "software code licensed under GPL Version 2.0 is free software that comes",
            "with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such",
            "GPL code under the terms of GPL Version 2.0.  For more details, see the",
            "documentation or \"License Notice\" file accompanying the IOS-XE software,",
            "or the applicable URL provided on the flyer accompanying the IOS-XE",
            "software.",
            "",
            "",
            "ROM: IOS-XE ROMMON",
            "",
            "R15 uptime is 3 days, 1 hour, 52 minutes",
            "Uptime for this control processor is 3 days, 1 hour, 57 minutes",
            "System returned to ROM by reload",
            "System image file is \"bootflash:packages.conf\"",
            "Last reload reason: Unknown reason",
            "",
            "",
            "",
            "This product contains cryptographic features and is subject to United",
            "States and local country laws governing import, export, transfer and",
            "use. Delivery of Cisco cryptographic products does not imply",
            "third-party authority to import, export, distribute or use encryption.",
            "Importers, exporters, distributors and users are responsible for",
            "compliance with U.S. and local country laws. By using this product you",
            "agree to comply with applicable laws and regulations. If you are unable",
            "to comply with U.S. and local laws, return this product immediately.",
            "",
            "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
            "http://www.********.com/wwl/export/crypto/tool/stqrg.html",
            "",
            "If you require further assistance please contact us by sending email to",
            "[email protected]********.com.",
            "",
            "License Level: ax",
            "License Type: Default. No valid license found.",
            "Next reload license Level: ax",
            "",
            "******** CSR1000V (VXE) processor (revision VXE) with 1086743K/3075K bytes of memory.",
            "Processor board ID 91UVWRC1G9W",
            "4 Gigabit Ethernet interfaces",
            "32768K bytes of non-volatile configuration memory.",
            "3019184K bytes of physical memory.",
            "7774207K bytes of virtual hard disk at bootflash:.",
            "0K bytes of  at webui:.",
            "",
            "Configuration register is 0x2102"
        ]
    ]
}
ok: [xrv7] => {
    "xe_results.stdout_lines": "VARIABLE IS NOT DEFINED!"
}

TASK [** IOS XR ** Execute show version] **********************************************************************************************************************************
skipping: [csr15]
ok: [xrv7]

TASK [debug] **************************************************************************************************************************************************************
ok: [csr15] => {
    "xr_results.stdout_lines": "VARIABLE IS NOT DEFINED!"
}
ok: [xrv7] => {
    "xr_results.stdout_lines": [
        [
            "Cisco IOS XR Software, Version 5.3.0[Default]",
            "Copyright (c) 2015 by Cisco Systems, Inc.",
            "",
            "ROM: GRUB, Version 1.99(0), DEV RELEASE",
            "",
            "XRv7 uptime is 3 days, 1 hour, 55 minutes",
            "System image file is \"bootflash:disk0/xrvr-os-mbi-5.3.0/mbixrvr-rp.vm\"",
            "",
            "******** IOS XRv Series (Pentium Celeron Stepping 3) processor with 3145215K bytes of memory.",
            "Pentium Celeron Stepping 3 processor at 3555MHz, Revision 2.174",
            "IOS XRv Chassis",
            "",
            "1 Management Ethernet",
            "7 GigabitEthernet",
            "97070k bytes of non-volatile configuration memory.",
            "866M bytes of hard disk.",
            "2321392k bytes of disk0: (Sector size 512 bytes).",
            "",
            "Configuration register on node 0/0/CPU0 is 0x2102",
            "Boot device on node 0/0/CPU0 is disk0:",
            "Package active on node 0/0/CPU0:",
            "iosxr-infra, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-infra-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-fwding, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-fwding-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-routing, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-routing-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-ce, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-ce-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-os-mbi, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-os-mbi-5.3.0",
            "    Built on Sun Jan 18 17:36:08 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-base, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-base-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-fwding, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-fwding-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-mgbl-x, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-mgbl-x-5.3.0",
            "    Built on Sun Jan 18 17:35:21 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-mpls, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-mpls-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-mgbl, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-mgbl-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-mcast, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-mcast-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-mcast-supp, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-mcast-supp-5.3.0",
            "    Built on Sun Jan 18 17:35:11 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-bng, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-bng-5.3.0",
            "    Built on Sun Jan 18 17:35:09 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-bng-supp, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-bng-supp-5.3.0",
            "    Built on Sun Jan 18 17:35:09 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "iosxr-security, V 5.3.0[Default], Cisco Systems, at disk0:iosxr-security-5.3.0",
            "    Built on Sun Jan 18 17:35:06 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie",
            "",
            "xrvr-fullk9-x, V 5.3.0[Default], Cisco Systems, at disk0:xrvr-fullk9-x-5.3.0",
            "    Built on Sun Jan 18 17:36:17 UTC 2015",
            "    By iox-lnx-003 in /auto/srcarchive11/production/5.3.0/all/workspace for pie"
        ]
    ]
}

PLAY RECAP ****************************************************************************************************************************************************************
csr15                      : ok=3    changed=0    unreachable=0    failed=0
xrv7                       : ok=3    changed=0    unreachable=0    failed=0
